Equipped To Survive Equipped To Survive® Presents
The Survival Forum
Where do you want to go on ETS?

Page 8 of 10 < 1 2 ... 6 7 8 9 10 >
Topic Options
#269201 - 04/17/14 11:27 PM Re: Might be time to change your passwords [Re: Denis]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Originally Posted By: Denis
Okay, when talking about password length/complexity requirements here the focus seems to be website accounts as these appear to be the most likely source of compromise. Am I correct in assuming that the same level of length/complexity would not be required for things like Windows/Active Directory accounts as they are (I'm guessing here) not likely to be open to this type of compromise. What about things like Wi-Fi passwords?


Active Directory passwords should have a high level of complexity if you care about what your password is protecting. There are several ways to extract the hashed passwords from the Domain Controller.

I spent some quality time as a wireless pentester -- it was one of the more enjoyable ways of making money I've ever found. The two most common ways of securing home networks are:

WEP -- In my opinion, WEP is worse than no security whatsoever, as it leads you into thinking that your network might be secure. In the field I have repeatedly cracked WEP keys in about two minutes.

WPA/WPA2 (PSK, Pre Shared Key, or "Personal") -- Here, password length and complexity are critically important, as WPA and WPA2 are subject to brute force attacks. Weak passwords will fall, strong passwords are unlikely to be.

For corporate networks, there are a whole mess of wireless security protocols. Some are better than others. WPA2-Enterprise uses 802.1X and is pretty hard to crack. However, unless the corporate network is running wireless intrusion prevention, there's a straightforward way of attacking it by setting up your own wireless access point and stealing authentication credentials from users.

Top
#269209 - 04/18/14 02:33 AM Re: Might be time to change your passwords [Re: Eugene]
UTAlumnus Offline
Old Hand

Registered: 03/08/03
Posts: 1019
Loc: East Tennessee near Bristol
I don't go to the VM level but the only place I use IE at all is if a site won't run without it and I HAVE to access it.

Top
#269226 - 04/18/14 05:25 PM Re: Might be time to change your passwords [Re: UTAlumnus]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: UTAlumnus
I don't go to the VM level but the only place I use IE at all is if a site won't run without it and I HAVE to access it.

On the security side, MS has come a long way in improving IE since the IE 5 or 6 days.

Top
#269571 - 04/29/14 05:21 PM Re: Might be time to change your passwords [Re: Arney]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: Arney
On the security side, MS has come a long way in improving IE since the IE 5 or 6 days.

I sure do have great timing. Looks like there is a very serious vulnerability in Internet Explorer versions 6 - 11 which could allow a total hijack of your PC. Sounds like this vulnerability has been exploited in the real world.

So, if you're an IE user, use something else for a while until this gets addressed. People still using WinXP are probably out of luck on getting this fixed, though, which is basically what "everyone" has been warning about as XP support ends from Microsoft. No more fixes and updates for the XP users.

Some articles mention that this is a Flash-based vulnerability, but I think they are mixing up two separate issues. More info on the IE issue can be read here .

Top
#269572 - 04/29/14 05:25 PM Re: Might be time to change your passwords [Re: Mark_R]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 2995
The biggest issue with IE is the OS integration so a hole in IE becomes a hole into the OS. Any other browser isn't as tightly integrated so a hole in the browser is pretty much limited to the browser.
Thats how they can get junk through IE even when your not running as an Admin user.

Any time a relative or friend asks me to fix their system I load a new browser and hide IE otherwise they can go to someone else for support. I've seen so much get through even the new versions that its just too risky to use it.

Same with MSOE or whatever they call it now.

Top
#269579 - 04/29/14 07:34 PM Re: Might be time to change your passwords [Re: Eugene]
Mark_R Offline
Old Hand

Registered: 05/29/10
Posts: 863
Loc: Southern California
Originally Posted By: Eugene
The biggest issue with IE is the OS integration so a hole in IE becomes a hole into the OS. Any other browser isn't as tightly integrated so a hole in the browser is pretty much limited to the browser.
Thats how they can get junk through IE even when your not running as an Admin user.


Speaking of which.....
http://www.usatoday.com/story/tech/2014/...ne-fox/8409857/
Quote:
SAN FRANCISCO — The U.S. Department of Homeland security is advising Americans not to use the Internet Explorer Web browser until a fix is found for a serious security flaw that came to light over the weekend.

The bug was announced on Saturday by FireEye Research Labs, an Internet security software company based in Milpitas, Calif.

"We are currently unaware of a practical solution to this problem," the Department of Homeland Security's United States Computer Emergency Readiness Team said in a post Monday morning.

It recommended that users and administrators "consider employing an alternative Web browser until an official update is available."

The security flaw allows malicious hackers to get around security protections in the Windows operating system. They then can be infected when visiting a compromised website.

Because the hack uses a corrupted Adobe Flash file to attack the victim's computer, users can avoid it by turning off Adobe Flash.

"The attack will not work without Adobe Flash," FireEye said. "Disabling the Flash plugin within IE will prevent the exploit from functioning."


Original announcement:
http://www.us-cert.gov/ncas/current-acti...erability-Being
http://www.kb.cert.org/vuls/id/222929
https://technet.microsoft.com/en-US/library/security/2963983

FYI for anybody downloading Mozilla; there is a lot of extraneous programs, including malicious adware, that gets downloaded alongside the Firefox browser. You will need to go into the control panel and manually uninstall these.

BOHICA
_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane

Top
#269580 - 04/29/14 07:51 PM Re: Might be time to change your passwords [Re: Mark_R]
chaosmagnet Online   content
Sheriff
Carpal Tunnel

Registered: 12/03/09
Posts: 3819
Loc: USA
Originally Posted By: Mark_R
FYI for anybody downloading Mozilla; there is a lot of extraneous programs, including malicious adware, that gets downloaded alongside the Firefox browser. You will need to go into the control panel and manually uninstall these.


As far as I know, if you download Mozilla Firefox from http://www.mozilla.org/en-US/firefox/new/ there is no adware or other unwanted programs downloaded with it. There may be a checkbox to uncheck for a toolbar.

Top
#269582 - 04/29/14 08:22 PM Re: Might be time to change your passwords [Re: Mark_R]
ireckon Offline
Pooh-Bah

Registered: 04/01/10
Posts: 1629
Loc: Northern California
Originally Posted By: Mark_R
FYI for anybody downloading Mozilla; there is a lot of extraneous programs, including malicious adware, that gets downloaded alongside the Firefox browser. You will need to go into the control panel and manually uninstall these.


Yikes. Control Panel of Windows? Or Add-Ons in Firefox?

I went to Control Panel/Programs of Windows, and I didn't see anything that looked like malware. I also went to Add-ons in Firefox, and I didn't see anything. Maybe my protection software protected me.
_________________________
If you're reading this, it's too late.

Top
#269584 - 04/29/14 09:26 PM Re: Might be time to change your passwords [Re: ireckon]
Eugene Offline
Carpal Tunnel

Registered: 12/26/02
Posts: 2995
Mozilla does not add any software along side it, the only wan you would end up with something like that is if you download from some other place. Just download it from the real source and you'll be fine.

Top
#269615 - 05/01/14 08:16 PM Re: Might be time to change your passwords [Re: Mark_R]
Mark_R Offline
Old Hand

Registered: 05/29/10
Posts: 863
Loc: Southern California
FYI, Microsoft issues fix.

http://news.msn.com/science-technology/m...sers-get-it-too

I'm staying with Firefox for the foreseable future with this computer. My next one will be a Linux system as MS and Google seem to be not playing very nice anymore.


Edited by Mark_R (05/01/14 08:18 PM)
_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane

Top
Page 8 of 10 < 1 2 ... 6 7 8 9 10 >



Moderator:  Alan_Romania, Blast, chaosmagnet, cliff 
March
Su M Tu W Th F Sa
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Who's Online
0 registered (), 269 Guests and 21 Spiders online.
Key: Admin, Global Mod, Mod
Newest Members
GallenR, Jeebo, NicholasMarshall, Yadav, BenFoakes
5367 Registered Users
Newest Posts
What did you do today to prepare?
by dougwalkabout
Yesterday at 11:21 PM
Zippo Butane Inserts
by dougwalkabout
Yesterday at 11:11 PM
Question about a "Backyard Mutitool"
by Ren
03/17/24 01:00 AM
Problem in my WhatsApp configuration
by Chisel
03/09/24 01:55 PM
New Madrid Seismic Zone
by Jeanette_Isabelle
03/04/24 02:44 PM
EDC Reduction
by EchoingLaugh
03/02/24 04:12 PM
Using a Compass Without a Map
by KenK
02/28/24 12:22 AM
Newest Images
Tiny knife / wrench
Handmade knives
2"x2" Glass Signal Mirror, Retroreflective Mesh
Trade School Tool Kit
My Pocket Kit
Glossary
Test

WARNING & DISCLAIMER: SELECT AND USE OUTDOORS AND SURVIVAL EQUIPMENT, SUPPLIES AND TECHNIQUES AT YOUR OWN RISK. Information posted on this forum is not reviewed for accuracy and may not be reliable, use at your own risk. Please review the full WARNING & DISCLAIMER about information on this site.